topic How to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ? in SRX Services Gatewayhttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/145280#M18808
<P>Hi ,</P><P>&nbsp;</P><P>Just wanted to check if there is any way we get the authentication and encryption keys generated as part of IKE , so that we can use those keys in the protocol analyzers like Wireshark to decrypt the ESP traffic and confirm the original plain text traffic(for testing purposes only)&nbsp;.</P><P>&nbsp;</P><P>any commands to get the keys on SRX ?</P><P>&nbsp;</P><P>Thanks in advance !</P>Mon, 04 Jun 2012 05:47:49 GMTJunivator2012-06-04T05:47:49ZHow to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ?https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/145280#M18808
<P>Hi ,</P><P>&nbsp;</P><P>Just wanted to check if there is any way we get the authentication and encryption keys generated as part of IKE , so that we can use those keys in the protocol analyzers like Wireshark to decrypt the ESP traffic and confirm the original plain text traffic(for testing purposes only)&nbsp;.</P><P>&nbsp;</P><P>any commands to get the keys on SRX ?</P><P>&nbsp;</P><P>Thanks in advance !</P>Mon, 04 Jun 2012 05:47:49 GMThttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/145280#M18808Junivator2012-06-04T05:47:49ZRe: How to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ?https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253371#M31265
<P>bump on this.</P>
<P>&nbsp;</P>
<P>Pradeep did you ever find a way to get the keys?</P>Fri, 15 Aug 2014 04:40:50 GMThttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253371#M31265adamjguy2014-08-15T04:40:50ZRe: How to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ?https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253417#M31274
<P>Hello,</P>
<P>To decrypt locally any JUNOS passwords starting with $9$ You can use Perl module</P>
<P><A href="http://search.cpan.org/~kbrint/Crypt-Juniper-0.02/lib/Crypt/Juniper.pm&nbsp;" target="_blank">http://search.cpan.org/~kbrint/Crypt-Juniper-0.02/lib/Crypt/Juniper.pm&nbsp;</A></P>
<P>If You are really impatient, You can go to <A href="http://password-decrypt.com" target="_blank">http://password-decrypt.com</A> but beware that Your password can be added to someone's brute-force attack dictionary.</P>
<P>HTH</P>
<P>Thanks<BR />Alex</P>Fri, 15 Aug 2014 15:58:48 GMThttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253417#M31274aarseniev2014-08-15T15:58:48ZRe: How to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ?https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253515#M31287
<P>Hi Pradeep,</P>
<P>&nbsp;</P>
<P>I have seen the authentication keys and encryptions keys in the IKE trace files.</P>
<P>&nbsp;</P>
<P>Note:</P>
<P>&nbsp;</P>
<P>1.clear kmd logs ( clear log kmd )</P>
<P>2. delete all ike and ipsec traceoptions ( do not deactivate)</P>
<P>&nbsp;</P>
<P>Kindly enable per tunnel debugging from CLI prompt and check the trace file for Keys generated for VPN encrption and authentication.</P>
<P>&nbsp;</P>
<P>request security ike debug-enable local x.x.x.x remote y.y.y.y level 15</P>
<P>&nbsp;</P>
<P>x.x.x.x and y.y.y.y are vpn peer ip addresses.</P>
<P>&nbsp;</P>
<P>Regards<BR />rparthi<BR />&nbsp;</P>
<P>Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too</P>Sun, 17 Aug 2014 03:25:09 GMThttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/253515#M31287rparthi2014-08-17T03:25:09ZRe: How to find the authentication and encryption keys of an IKE based IPSec VPN in SRX ?https://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/467448#M54714
<P>Hello,<BR /><BR />Sorry to bring up and old thread from years back, but I'm interesed in this topic. (see also this&nbsp;<A href="https://forums.juniper.net/t5/SRX-Services-Gateway/Decrypting-IKEv2-Messages-on-SRX/m-p/465954#M54229" target="_blank">https://forums.juniper.net/t5/SRX-Services-Gateway/Decrypting-IKEv2-Messages-on-SRX/m-p/465954#M54229</A>)</P>
<P>&nbsp;</P>
<P>Can you be more specific ? After I enable per tunnel debugging, which logs should I check for the keys ?</P>Sun, 01 Sep 2019 01:17:52 GMThttps://forums.juniper.net/t5/SRX-Services-Gateway/How-to-find-the-authentication-and-encryption-keys-of-an-IKE/m-p/467448#M54714WhatNot2019-09-01T01:17:52Z